I get syntax error to mysql insert statement. May I know how to correct this error ?
user=txtuser.getText();
char[] pass=jPasswordField1.getPassword();
String passString=new String(pass);
try{
Connection con = createConnection();
Statement st = con.createStatement();
**String sql = "INSERT INTO login(username,Password)"+"VALUES"+"('"user"','"passString"')";**
st.executeUpdate(sql);
}
catch(Exception e){
JOptionPane.showMessageDialog(null,"Exception: "+ e.toString());
}
mtk
13.8k16 gold badges75 silver badges117 bronze badges
asked Jan 10, 2013 at 11:59
user1966589
191 gold badge1 silver badge7 bronze badges
-
What does this have to do with jQuery? Retagging now.Rory McCrossan– Rory McCrossan2013年01月10日 12:01:27 +00:00Commented Jan 10, 2013 at 12:01
1 Answer 1
You're missing a few + operators:
String sql = "INSERT INTO login(username,Password) VALUES ('" + user + "','" + passString + "')";
Consider using PreparedStatement placeholders to set these parameters. This will protect you from SQL injection attacks also. Here is an example
answered Jan 10, 2013 at 12:00
Reimeus
160k16 gold badges225 silver badges282 bronze badges
Sign up to request clarification or add additional context in comments.
4 Comments
user1966589
please can u tell how to use preparestatement
Bhavik Shah
@user1966589 : roseindia.net/jdbc/jdbc-mysql/TwicePreparedStatement.shtml
user1966589
@limelights now i get a run time error . java.lang.UnsupportedOperationException:Notyet implemented
Henrik Andersson
From where? Make a new question and post your code and stacktrace or update this question with the stacktrace, please.
default